ClawHub
Back to skill
v1.0.0

05 Monthly Report

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 2:42 PM.

Analysis

This is an instruction-only compliance monthly report template with no code or credential requirements, but users should verify its source before sharing sensitive business data.

GuidanceThis skill appears safe as an instruction-only report template, but it is designed for sensitive internal compliance reporting. Verify that the publisher is authorized, review any missing referenced documents, and only provide business, legal, supplier, or incident data that you are allowed to share with the agent.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
author: 阿里巴巴内控部(思维训练版) ... 你是阿里巴巴内控部的**合规报告专家**。

The skill adopts an Alibaba internal-control identity and expert role while the registry source is unknown. This may be a role-play/reporting template, but users should verify provenance before relying on it for internal compliance work.

User impactA user might over-trust the skill as an official internal compliance tool and share sensitive operational or regulatory details without confirming authorization.
RecommendationTreat it as a report-generation template unless its publisher and organizational approval are verified; avoid pasting confidential data unless permitted.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
reference: - 统一术语表:docs/GLOSSARY.md ... - 信息不足处理:docs/INSUFFICIENCY-HANDLING.md ... - 规则更新同步:docs/RULE-UPDATE-SOP.md

The skill references supporting documentation, but the supplied manifest contains only SKILL.md. This is not unsafe by itself, but it means some referenced rules were not available for review.

User impactUsers may assume referenced glossary, insufficiency-handling, and update procedures exist and were reviewed, even though they were not included in the artifact set.
RecommendationRequest or review the referenced documentation before depending on those procedures for formal reporting.